As medical devices, contact lenses are
subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which protects personal healthcare information and regulates sharing of confidential information. How does this federal regulation affect a contact lens practice?

Reception discretion

The overriding tenet of HIPAA is that all patient information is private. This means you shouldn't discuss or announce the specifics of a patient's appointment -- including what kind of contact lenses he wears -- on the phone or at the reception desk, where others can overhear. When checking patients in and out, always be aware of the volume of your voice. You may want to rearrange your reception room, so private conversations aren't easily overheard.

Patient privacy extends to the exam room, too. It's no longer acceptable to post appointment schedules in office areas where everyone can read them. Distribute them on a need-to-know basis. And the best way to keep prying eyes from seeing patients' charts is by filing them when they're not in use.

Information exchange

Providing adequate patient care often requires coordinating treatment among several practitioners, which is possible only if everyone has access to the patient's health information. Providers also need to share information with third party payers, so they can receive authorization and payment for their services. HIPAA does allow healthcare professionals to share information with certain parties with a patient's written consent.

This provision comes into play when you're confirming prescriptions for mail-order contact lens companies in compliance with the Fairness to Contact Lens Consumers Act.

Practitioners also must disclose detailed refractive information to third parties to receive treatment authorization and to prescribe specialty lenses, such as those worn by keratoconus patients. Practitioners are free to release this confidential information without violating HIPAA guidelines.

Delicate balance

Despite HIPAA's provisions for sharing healthcare information, the underlying philosophy of this Act is to limit the number of individuals who have access to confidential patient information and the number of communications to "minimum necessary."

Balancing patient privacy and communication is a challenge we all face, but some common sense, combined with an understanding of basic HIPAA tenets, can help us remain
HIPAA-compliant without sacrificing the quality of patient care.